Skip to content

Commit

Permalink
Don't override HOST header if provided by user already in WebSocketCl…
Browse files Browse the repository at this point in the history 
…ientHandshaker (netty#10104)

Motivation:

The user may need to provide a specific HOST header. We should not override it when specified during handshake.

Modifications:

Check if a custom HOST header is already provided by the user and if so dont override it

Result:

Fixes netty#10101
  • Loading branch information
@normanmaurer
normanmaurer authored Mar 12, 2020
1 parent e4af5c3 commit 260540b
Show file tree
Hide file tree
Showing 5 changed files with 51 additions and 7 deletions.
11 changes: 9 additions & 2 deletions ...ttp/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker07.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -218,12 +218,19 @@ protected FullHttpRequest newHandshakeRequest() {

if (customHeaders != null) {
headers.add(customHeaders);
if (!headers.contains(HttpHeaderNames.HOST)) {
// Only add HOST header if customHeaders did not contain it.
//
// See https://github.com/netty/netty/issues/10101
headers.set(HttpHeaderNames.HOST, websocketHostValue(wsURL));
}
} else {
headers.set(HttpHeaderNames.HOST, websocketHostValue(wsURL));
}

headers.set(HttpHeaderNames.UPGRADE, HttpHeaderValues.WEBSOCKET)
.set(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE)
.set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key)
.set(HttpHeaderNames.HOST, websocketHostValue(wsURL));
.set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key);

if (!headers.contains(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN)) {
headers.set(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, websocketOriginValue(wsURL));
Expand Down
11 changes: 9 additions & 2 deletions ...ttp/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker08.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -220,12 +220,19 @@ protected FullHttpRequest newHandshakeRequest() {

if (customHeaders != null) {
headers.add(customHeaders);
if (!headers.contains(HttpHeaderNames.HOST)) {
// Only add HOST header if customHeaders did not contain it.
//
// See https://github.com/netty/netty/issues/10101
headers.set(HttpHeaderNames.HOST, websocketHostValue(wsURL));
}
} else {
headers.set(HttpHeaderNames.HOST, websocketHostValue(wsURL));
}

headers.set(HttpHeaderNames.UPGRADE, HttpHeaderValues.WEBSOCKET)
.set(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE)
.set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key)
.set(HttpHeaderNames.HOST, websocketHostValue(wsURL));
.set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key);

if (!headers.contains(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN)) {
headers.set(HttpHeaderNames.SEC_WEBSOCKET_ORIGIN, websocketOriginValue(wsURL));
Expand Down
11 changes: 9 additions & 2 deletions ...ttp/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker13.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -221,12 +221,19 @@ protected FullHttpRequest newHandshakeRequest() {

if (customHeaders != null) {
headers.add(customHeaders);
if (!headers.contains(HttpHeaderNames.HOST)) {
// Only add HOST header if customHeaders did not contain it.
//
// See https://github.com/netty/netty/issues/10101
headers.set(HttpHeaderNames.HOST, websocketHostValue(wsURL));
}
} else {
headers.set(HttpHeaderNames.HOST, websocketHostValue(wsURL));
}

headers.set(HttpHeaderNames.UPGRADE, HttpHeaderValues.WEBSOCKET)
.set(HttpHeaderNames.CONNECTION, HttpHeaderValues.UPGRADE)
.set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key)
.set(HttpHeaderNames.HOST, websocketHostValue(wsURL));
.set(HttpHeaderNames.SEC_WEBSOCKET_KEY, key);

if (!headers.contains(HttpHeaderNames.ORIGIN)) {
headers.set(HttpHeaderNames.ORIGIN, websocketOriginValue(wsURL));
Expand Down
21 changes: 21 additions & 0 deletions ...src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshaker07Test.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,33 @@
*/
package io.netty.handler.codec.http.websocketx;

import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpHeaders;
import org.junit.Test;

import java.net.URI;

import static org.junit.Assert.assertEquals;

public class WebSocketClientHandshaker07Test extends WebSocketClientHandshakerTest {

@Test
public void testHostHeaderPreserved() {
URI uri = URI.create("ws://localhost:9999");
WebSocketClientHandshaker handshaker = newHandshaker(uri, null,
new DefaultHttpHeaders().set(HttpHeaderNames.HOST, "test.netty.io"), false);

FullHttpRequest request = handshaker.newHandshakeRequest();
try {
assertEquals("/", request.uri());
assertEquals("test.netty.io", request.headers().get(HttpHeaderNames.HOST));
} finally {
request.release();
}
}

@Override
protected WebSocketClientHandshaker newHandshaker(URI uri, String subprotocol, HttpHeaders headers,
boolean absoluteUpgradeUrl) {
Expand Down
4 changes: 3 additions & 1 deletion ...p/src/test/java/io/netty/handler/codec/http/websocketx/WebSocketClientHandshakerTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -364,7 +364,9 @@ public void testDuplicateWebsocketHandshakeHeaders() {

// add values for the headers that are reserved for use in the websockets handshake
for (CharSequence header : getHandshakeRequiredHeaderNames()) {
inputHeaders.add(header, bogusHeaderValue);
if (!HttpHeaderNames.HOST.equals(header)) {
inputHeaders.add(header, bogusHeaderValue);
}
}
inputHeaders.add(getProtocolHeaderName(), bogusSubProtocol);

Expand Down

0 comments on commit 260540b

Please sign in to comment.